cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Engelhart <>
Subject Re: XSP session diffs
Date Sun, 20 Feb 2000 03:06:11 GMT
Ted wrote:

> Thanks for the point of view, Mike. We have a slew of groupware
> applications developed using sessions, and all pages are set to (true)
> except for the logout page which is set to (false) then calls
> inactivate(). All of these applications are accessible by HTML, WML, and
> Voice, so we are very conscious of bookmarking (except for VoxML, which
> has a unique set of problems). My technique is to detect the presence of
> an authenticator type object in the session. When present, page is
> served. When absent, you are made to authenticate or do something to
> gain access to the page. We set our sessions to expire in about 10
> hours, so it is unlikely that a 5-step process started 9 days ago will
> still be there 9 days later.
> Thanks again. This is useful perspective in how other developers are
> using sessions.
> Ted
> Dr. Teddy Achacoso
> GroupServe, Inc.
Not a problem. I don't speak for everyone's use but since this is hard coded
and their is no "<xsp:session value="true"> tag or something similar, so I
thought session creation should be at the developer's discretion. On the
other hand your idea of having an authenticator would work as well.  Just
more work.
For my site I am using 15 minute session timeouts because the data being
accessed is in real-time and as a way to ensure that high traffic volume
won't eat up more resources than necessary, I don't create a session until I
absolutely have to so I don't incur the overhead of session objects for
every user that casually accesses the site.  In other words unless the user
is doing something that needs to have session state I don't create a session
but at the same time I need dynamic  content to allow users that have their
accept-language set to Italian or Spanish to receive their pages in their
preferred language.


View raw message